IM
Incident Management
Objectives
After completing this curricular unit, students will be able to:
- LO1. Describe the methods and best practices most frequently used in incident response processes.
- LO2. Critically evaluate response activities in cyber incident management, from initial compromise to recovery, and recommend improvements.
- LO3. Build and manage cybersecurity incident response plans, including the roles and responsibilities, the set of steps recommended for this type of plan, and the necessary framework for the organization’s business continuity.
- LO4. Contrast methods for assessing the maturity of an organization’s incident response capabilities.
Program
- Fundamentals of incident response; incident detection and treatment; and the importance of the Security Operation Center in organizations.
- Security incident management process and standards for incident management (ISO/IEC 27035:2011; ISO/IEC 27043:2015; NIST and ENISA).
- Assessment of the impact of cyber threats and attacks.
- Constitution and preparation of CERT/CSIRT Teams and response strategies to cyber security incidents. CERT/CSIRT in Critical Infrastructures.
- BIAs (Business Impact Analysis); Emergency and Contingency Plans; Disaster recovery and its framing in organizations’ business continuity.
- Concept of organizational resilience. Crisis Management: planning; coordination with stakeholders; communication; leadership, and preparation (training and exercises).
Bibliography
- S. Anson. Applied Incident Response. 1st edition, John Wiley & Sons, 2020.
- G. Johansen. Digital forensics and incident response: Incident response techniques and procedures to respond to modern cyber threats. Packt Publishing Ltd, 2020.
- Y. Diogenes, E. Ozkaya. Cybersecurity-Attack and Defense Strategies: Improve your security posture to mitigate risks and prevent attackers from infiltrating your system. 3rd edition, Packt Publishing, 2022.